You could follow one of the general purpose samba-ldap documentations
out there, because AFAIK samba is the most influencing service to depend
on ldap. I cannot recall what I used but you can have a look at:
http://gentoo-wiki.com/HOWTO_LDAP_SAMBA_PDC_Basic_Setup
http://www.samba-ldap.de/samba-3-pdc-mit-ldap.html
The first one covers Gentoo, the latter is written in German... but you
get the point.
One suggestion from my side is to use an OU base instead of DC based if
you are using multiple (internet-)domains.
To specify who can use what service, you can use LDAP query-filters (e.g.
for apache create a group "webusers" and so on).
At the moment I use openldap for web, mail (Postfix & cyrus-imap), samba
and a per user address-book. Kerberos (heimdal) and radius is also
possible, but I do not use it at the moment.
If you require it, I can provide you with more information or even
relevant parts of the config-files.
br,
Robert Jesacher
On 25/03/2008 14:38 Outback Dingo wrote:
> As would I also like to
>
> On Tue, Mar 25, 2008 at 8:11 PM, Trey Sizemore <trey at fastmail.fm> wrote:
>> On Mon Mar 24, 2008 04:58PM, Tim Judd wrote:
>>> Jon Theil Nielsen wrote:
>>>> I asked this on freebsd-net@ but got no replies. So now I ask the same
>>>> question here.
>>>>
>>>> > Hi list!
>>>> >
>>>> > I have speculated a lot about implementation of (Open)LDAP on my
>>>> > server. But I haven't yet found the right (and logical) way to do it.
>>>> > I'm running FreeBSD 7.0-Release with some different server applications
>>>> > - Samba PDC
>>>> > - Virtual mail server (Postfix, MySQL, Courier-IMAP)
>>>> > - VPN (currently with mpd4)
>>>> > - Apache-2.2.8 web server (with PHP and MySQL)
>>>> > I would like to implement LDAP for:
>>>> > - authentication of UNIX/login users
>>>> > - authentication of Samba users
>>>> > - authentication/authorization of virtual mail users
>>>> > For the first part, I got useful information from a previous thread
>>>> > (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2008-02/msg01047.html)
>>>> > and for the second part, I guess there are sufficient howtos to make it
>>>> > work.
>>>> > My biggest question right now is if it is possible to combine all three
>>>> > things in one data structure. And in which order I should make
>>>> > the different implementations.
>>>> > Excuse my total lack of understanding, but is it possible to have a
>>>> > structure with a superior unit such as OU=<some organization> which
>>>> > could contain several virtual domains and the actual domain for my
>>>> > PDC?
>>>> >
>>>> > --
>>>> > Jon Theil Nielsen
>>>>
>>>> Oh, I forgot one more thing: I would also like to be able to
>>>> authenticate VPN users the same way.
>>>> --
>>>> Jon Theil Nielsen
>>>
>>> It's easy to find out if LDAP is a global solution for you. See if LDAP
>>> is an available option in each port's config.
>>>
>>> I just finished setting up a LDAP-based email system. Samba is capable,
>>> unix logins are capable. There's a good chance everything is.
>>>
>>> I liked the virtual part of everything, so I stopped after getting email
>>> working. I didn't want to open up my system to all sorts of unix/samba
>>> logins that might exploit or give me problems.
>>>
>>> The email system I documented isn't ready for publishing. I'm having
>>> some select friends review it and proofread it first.
>>>
>>> If there's any interest here, I will provide a 2nd publishing to the
>>> general public as a draft. Not to be used exclusively yet.
>>>
>>> Jon, you should be able to get most if not all of it working though.
>>>
>>> --Tim
>>
>> I would like to see the documentation as well.
>>
>> --
>> Cheers,
>> Trey
>> ----
>>
>> The universe is change; our life is what our thoughts make it.
>> --Antoninus, Marcus Aurelius
>>
>> Linux valkyrie 2.6.22.17-0.1-bigsmp i686 GNU/Linux
>> 9:10am up 11:11, 7 users, load average: 0.98, 0.98, 1.06
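
Added example, not part of the original thread or any poster's configuration: one way to express the per-service access check from the reply above as an LDAP lookup against a group under a single OU root, with the user name escaped per RFC 4515 so it cannot change the filter. The tree `ou=example-org`, the `ou=groups` container, the RFC 2307 `posixGroup`/`memberUid` layout and every group name except "webusers" are assumptions.

```python
"""Per-service authorization as LDAP group lookups (added example, constructed names)."""

# Constructed OU-based root: one organisation entry that can hold several
# mail domains and the Samba domain below it, instead of one dc= tree each.
BASE_DN = "ou=example-org"
GROUPS_DN = "ou=groups," + BASE_DN

# Service -> group that grants access. "webusers" comes from the thread,
# the other group names are hypothetical.
SERVICE_GROUPS = {"apache": "webusers", "postfix": "mailusers", "vpn": "vpnusers"}

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_FILTER_SPECIALS = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape user-supplied text so it is matched literally by the server."""
    return "".join(_FILTER_SPECIALS.get(ch, ch) for ch in value)


def service_query(service, username):
    """Return (search_base, scope, filter) for the access check.

    The search returns exactly one entry when `username` is a member of the
    group that gates `service`, and nothing otherwise.
    """
    try:
        group = SERVICE_GROUPS[service]
    except KeyError:
        # Fail closed: a service without a configured group admits nobody.
        raise ValueError("no group configured for service %r" % service)
    if not username:
        raise ValueError("empty user name")
    base = "cn=%s,%s" % (group, GROUPS_DN)  # group names come from the fixed table above
    flt = "(&(objectClass=posixGroup)(memberUid=%s))" % escape_filter_value(username)
    return base, "base", flt


if __name__ == "__main__":
    # Constructed inputs: an ordinary login name and one containing filter syntax.
    for user in ("jon", "*)(uid=*"):
        print(service_query("apache", user))
```

Without the escaping step, a user name of `*` would match any `memberUid` value and the check would pass for anyone.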